This led the researchers to believe that Android users are downloading Trojanized apps—perhaps fake Yahoo Android clients re-packaged with a bot—that connect them to Yahoo! Mail servers and spew Viagra adverts. In the past we've heard of rogue mobile security apps that were actually connecting devices to the Zeus botnet and harvesting banking info.

Sophos' Chet Wisniewski added that many of the originating IP addresses came from mobile network operators.

"For example, one sample I am looking at came from 176.8.44.134, which is a mobile network block owned by Kyivstar GSM, a Ukrainian mobile network operator," he told PCMag.

"We don’t have a malware sample, but all indicators are if it looks like a droid and acts like a droid, it is likely a droid. It would be significantly harder to reverse engineer Yahoo!’s APIs than to add spamming capability to an Android Trojan."

More Proof Needed

In theory, a spam attack leveraging Android devices isn’t at all farfetched. As we've seen time and time again, most Android malware comes from foreign app markets where no security scanning takes place. But did attackers really unleash the first Android botnet this week?

Researchers from BitDefender and Kaspersky say they’ve found no proof of a bot.

“We tried to find such a sample today but to no avail,” said Bogdan Botezatu, an e-threat specialist at BitDefender.

Similarly, Roel Schouwenberg, a senior malware researcher at Kaspersky, said the evidence was "very weak" that these emails actually came from infected Android devices. More likely, the attackers simply added the Android signature at the end of their emails.

“What we do know is that spam emails featuring these characteristics are being sent out. But it seems like currently nobody knows what malware/botnet on which OS is responsible for that,” Schouwenberg wrote.

Botezatu said that even though his labs couldn't confirm a botnet attack, it made sense: “Unlike home PCs that are usually switched off at night and during office hours, Android devices are always on and probably always connected to the 3G network, so they can continuously send spam. Secondly, an Android bot would be much more difficult to spot and remove, as most Android users don’t run any security solution on their device.”

About the Author

Sara Yin is a junior analyst in the Software, Internet, and Networking group at PCmag.com, pouring most of her energy into app testing and security matters at Security Watch with Neil Rubenking. She lies awake at night pondering the state of mobile security (half-true).
Prior to joining PCMag.com, Sara spent five years reporting for publication...
